Details
- Bug
- Resolution: Done
- High
- 2015.09.1
- None
- None
Description
Repository exceptions such as UnauthorizedException will bubble up to the end, and be displayed as such instead of showing the login screen.
The reasons are multiple.
1. The Core\ExceptionListener from the Bundle has a priority of -90, while the one from the Firewall Sf component has 0. Ours translates the repository exception after the firewall has checked if it should display the login screen.
2. The Core\ExceptionListener translates API\UnauthorizedException into an HttpKernel\AccessDeniedException. As it turns out, that one does NOT implement Security\AccessDeniedException, meaning that the Firewall exception listener still doesn't see it.
I see two solutions:
a) Translate the exception to a new eZ\Publish\Core\Base\Exceptions\AccessDeniedHttpException that implements both HttpKernel\HttpException and Security\AccessDeniedException
b) Translate the exception to a Security\AccessDeniedException directly. As far as I can tell, the Security listener will correctly handle the HTTP codes, both for authenticated and unauthenticated users.
Maybe a) makes more sense.
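A sketch of option a), added here as an illustration; it is not code from the ticket or from eZ Publish. It assumes Symfony 2.x class names, a hypothetical `Acme\Example` namespace and listener name, and an assumed priority of 10 (any value above the firewall listener's 0). Because Security's AccessDeniedException is a class, the sketch extends it and implements HttpKernel's HttpExceptionInterface.

```php
<?php
// Added example, not the eZ Publish implementation.
namespace Acme\Example; // hypothetical namespace

use eZ\Publish\API\Repository\Exceptions\UnauthorizedException;
use Symfony\Component\EventDispatcher\EventSubscriberInterface;
use Symfony\Component\HttpKernel\Event\GetResponseForExceptionEvent;
use Symfony\Component\HttpKernel\Exception\HttpExceptionInterface;
use Symfony\Component\HttpKernel\KernelEvents;
use Symfony\Component\Security\Core\Exception\AccessDeniedException;

/**
 * Visible to the firewall listener (instanceof Security AccessDeniedException)
 * and still an HTTP 403 for anything that checks HttpExceptionInterface.
 */
class AccessDeniedHttpException extends AccessDeniedException implements HttpExceptionInterface
{
    public function getStatusCode()
    {
        return 403;
    }

    public function getHeaders()
    {
        return array();
    }
}

class RepositoryExceptionListener implements EventSubscriberInterface // hypothetical name
{
    public static function getSubscribedEvents()
    {
        // Assumed priority: must be above 0 so this runs BEFORE the firewall
        // listener. At -90 the translation happens after the firewall has
        // already decided whether to show the login screen.
        return array(KernelEvents::EXCEPTION => array('onKernelException', 10));
    }

    public function onKernelException(GetResponseForExceptionEvent $event)
    {
        $exception = $event->getException();
        if ($exception instanceof UnauthorizedException) {
            // Keep the repository exception as "previous" for logging.
            $event->setException(
                new AccessDeniedHttpException($exception->getMessage(), $exception)
            );
        }
    }
}
```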
Issue Links
- blocks
  - EZP-24869 Deprecate the locationView action (Closed)
- discovered while testing
  - EZP-24793 Make Repository exceptions translatable (Closed)
- testing discovered
  - EZP-25004 Users link is missing on the Administration dashboard view (Closed)
  - EZP-25005 Display Contents assigned to a Section in the section view page (Backlog)